Community Wireless Networks

The key points of a Community ISP (Internet Service Provider) system are:

Network Services

In order to offer a complete service, several facilities need to be provided. Some of these can be provided for an extra charge by the upstream isp who supplied your leased line, others will need to be provided locally.

The Firewall

Firstly, it is good practice to protect your users from attack with a device called a firewall.

A broadband user's connection is always on and is therefore more likely to be attacked via a hacker. They are more attractive than a dial up user because they have a high bandwidth connection that can be used to send spam or to attack another web site. Certain viruses spread by searching for unprotected computers to infect.

A firewall is a device that, put simply, will not pass any data from the internet to a users computer that they have not asked for. Certain programs require the firewall to be carefully configured to enable them to work. A firewall should therefore be installed and configured by a suitably experienced person.

Firewalls are available as either stand-alone devices or as software that can be run on a computer that could also be acting as your web server. Stand-alone firewalls offer the best security and are therefore recommended.

Proxy Server

This is normally a piece of software running on a server which 'caches' or takes a copy of all the information requested by users, so that if a subsequent user requests a page it has stored, it will deliver the locally held copy and reduce the bandwidth used on the leased line. It is dubious whether a proxy provides any benefit unless there is a very large number of users or many users are visiting the same site, which only tends to happen with business use.

One major disadvantage of a proxy server is that the operator can be held liable for its content, even if it is one of the users who has accessed illegal information and the operator is unaware.

Mail Server

This can be provided as a piece of software held on a local server. For each user an account name and password is created, which provides the email address for each of your users. On most Linux servers this software is free.

This service can also be provided by the leased line supplier, or indeed any ISP. However there will generally be a charge for such a service.

Web Servers

This again is supplied as a piece of software to run on the main server. web servers are generally free with both Windows and Linux systems. Most commercial web servers run under Linux.

The firewall, proxy, email server, and web servers can generally all be run on one machine. With a Unix or Linux based system the software is free as is the operating system itself. There are free packages, such as Esmith, that can be downloaded that can easily be installed and configured to provide all this functionality in one.

With Windows based systems, as well as there being a charge for the operating system itself, there are further charges for each of the software elements and also a per user licence fee to allow users to connect to the server. This means that a Windows based solution will tend to cost at least several thousand pounds.

Access Control and Bandwidth Management

For a system to be both secure and revenue-generating, there needs to be a way of authorising users to make sure only those ones who have paid can access the system. Also there needs to be a way of limiting each person's access to the bandwidth from the leased line. One user of file sharing software such as Kazaa using its default settings can completely saturate a 2Mb leased line if not restricted.

Controlling Access

The first line of security is called WEP encryption. This system ensures that only users who know the WEP codes can connect to the system. This also stops 'eavesdroppers' from listening in to people's internet traffic. It isn't a completely secure system but is adequate for general purpose use. WEP codes are generally available in two strengths – 64 bit and 128 bit. 64 bit encryption offers very little protection against hacking.

The second line of defence is typically 'mac authentication'. This is where an access point (the piece of radio equipment that users connect to) only accepts connections from computers it knows. Each network interface or network card has a completely unique number called its mac address that is set when the device is manufactured. The access point compares the incoming user's mac address with a list either held in the access point itself or on another (Radius) server, which the access point checks with before allowing access. Mac authentication is not foolproof but does offer good enough protection for domestic and light business use.

Other systems such as 802.1x are available which improve the security greatly on a wireless network. However, for a community system they are expensive and cumbersome to use.

Bandwidth Management

Unfortunately it is not possible to provide bandwidth management without incurring costs. Typically solutions cost between £2,000 and £7,000.

Running a system without bandwidth management is a very bad idea!

There are three typical methods of providing bandwidth management (often called throttling):

Stand alone devices These units are a unit that sits between the leased line and the rest of the network and can be configured to give each user (by mac address) an individual upload and download speed.

Linux software packages Running on Linux servers, these cost about the same as stand alone devices and offer broadly similar functionality.

Windows packages These normally require a Windows server plus a device such as an intelligent switch (used to connect network equipment together). This solution is generally the most expensive option as more costly equipment is required.

A typical Windows solution will cost around £7,000 plus the server and operating system.

Navigator are experienced in the design and implementation of large scale wireless systems, and working with our partner companies can offer a complete solution for a community system.

Navigator Systems Logo